Cash, Petty Cash, Change Funds, and Credit Cards
CASH
As public servants, it is our responsibility to safeguard taxpayer’s dollars while adhering to laws
and regulations governing processes over cash handling. Internal controls over cash are
necessary to prevent mishandling of funds and to safeguard against loss. Strong internal controls
also protect employees from inappropriate charges of mishandling funds by defining
responsibilities in the cash handling process. “Cash” includes coin, currency, checks, money
orders and credit card transactions. Entities can use internal controls to protect against
embezzlement, theft, fraud, and poor decision making.
This document does not address all possible circumstances that need to be considered when
establishing internal controls or assessing risk. Each entity is responsible for reviewing their
business practices and processes to determine where risks exist and where and how controls can
be established to mitigate them.
Control Objectives:
1. Controls are in place in the process to ensure accountability is established as early as
possible at all points along the accountability chain.
2. Assets are safeguarded from loss through watchful and responsible care and
reconciliation functions.
3. Segregation of duties, or mitigating controls, exists within transaction processes, custody,
and recording functions.
4. Transactions and events are properly recorded.
5. Staff understands their duties, responsibilities, and accountabilities.
6. Cash handling practices are documented and in compliance with state laws and
regulations and, credit cards are in compliance with Payment Card Industry Standards.
7. Transaction activities are properly authorized.
8. Cash records for authorization and transactions are maintained in accordance with
established requirements.
9. Transactions are properly verified before disbursement and records are maintained
according to established requirements.
10. Accountability for refunds and credits are maintained.
11. Accounting records are protected from theft, obsolescence, or destruction.
12. There is an accurate statement of cash on hand and in the bank.
Segregation of Duties:
Segregation of duties is one of the most important features of an internal control plan. Its
fundamental premise is that an individual or small group of individuals should not be in a position
to initiate, approve, undertake, and review the same action. These are called incompatible duties
when performed by the same individual. Examples of incompatible duties include situations
where the same individual (or small group of people) is responsible for:



Managing both the operation of and record keeping for the same activity.
Managing custodial activities and record keeping for the same assets.
Authorizing transactions and managing the custody or disposal of the related assets or
records.
Stated differently, there are four kinds of functional responsibilities that should be performed by
different work units, or at a minimum, by different persons within the same unit:
1. Custody of assets involved: This duty refers to the actual physical possession or effective
physical control/safekeeping of property.
2. Recording transactions: This duty refers to the accounting or record keeping function,
which in most organizations, is accomplished by entering data into a computer system.
Page 1 of 9
6/1/15
Cash, Petty Cash, Change Funds, and Credit Cards
3. Authorization to execute transactions: This duty belongs to persons with authority and
responsibility to initiate and execute transactions.
4. Periodic reviews and reconciliation of existing assets to recorded amounts: This duty
refers to making comparisons at regular intervals and taking action to resolve differences.
The advantage derived from proper segregation of duties is twofold:
 Fraud is more difficult to commit because it would require collusion of two or more
persons, and most people hesitate to seek the help of others to conduct wrongful acts.
 By handling different aspects of the transaction, innocent errors are more likely to be
found and flagged for correction.
Ideally, the following activities should be segregated:
 Individuals responsible for data entry of cash deposits should not be responsible for
approving these documents.
 Individuals who prepare/record checks should not sign the checks.
 Individuals who prepare/record checks should not reconcile the checking account.
 Individuals responsible for cash receipts functions should be separate from those
responsible for cash disbursements.
Example Segregation of Duties Controls Questions:
A.
1.
2.
3.
4.
5.
6.
7.
8.
Segregation of Duties:
Are responsibilities for collection and deposit
preparation functions segregated from those for
recording cash receipts and general ledger entries?
Are responsibilities for cash receipts functions
segregated from those for cash disbursements?
Are responsibilities for disbursement preparation and
disbursement approval functions segregated from
those for recording or entering cash disbursements
information on the general ledger?
Are responsibilities for the disbursement approval
function segregated from those for the disbursement,
voucher preparation, and purchasing functions?
Are responsibilities for entries in the cash receipt and
disbursement records segregated from those for
general ledger entries?
Are responsibilities for preparing and approving bank
account reconciliations segregated from those for
other cash receipt or disbursement functions?
Is access to cash management applications and
functions within programs, limited to those who have
a legitimate need?
Are all bank wire transfers for cash independently
reviewed and approved?
Yes
No
N/A
Comments
Yes
No
N/A
Comments
Example Procedural Controls Questions:
B.
1.
2.
Procedural Controls:
Is there a complete listing of all bank accounts that
are under the agency’s control?
Have all bank accounts been reported to a central
accounting department or the state treasurer?
Do collections provide for the following:
Page 2 of 9
6/1/15
Cash, Petty Cash, Change Funds, and Credit Cards
B.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
Procedural Controls:
Timely deposits of all receipts made according to
state requirements?
Controls at each collection location, to assure timely
deposit and accurate recording of collections?
Mail opened by two people?
Remittances by mail listed in duplicate at the time the
mail is opened?
Listing prepared by a person other than the one
opening the mail?
One copy of the listing forwarded, along with the
money, to the cashier or depositor?
Other copy attached as supporting documentation to
the accounting transaction?
A third person periodically comparing the list with the
deposit record?
Amounts of currency contained in each item of mail
verified by a second person?
Documents enclosed with currency are machine date
stamped or dated and initialed by the employee
opening the mail?
A secure area provided for processing and
safeguarding cash receipts?
Access to the secured area restricted to authorized
personnel, only?
The secured area is locked when not occupied?
Cash protected by using registers, safes, or locks
and kept in areas of limited access?
Timely notice of cash receipts at separate collection
locations given to a central accounting department?
Cash received at branch locations transmitted to the
central office or to the Treasurer through the banking
system?
Branch personnel restricted to making cash deposits,
only?
Daily reported receipts at separate collection
locations compared to records of a general
accounting department?
Restrictive endorsements placed on incoming checks
as soon as received?
"Not sufficient funds" checks delivered to someone
independent of those processing and recording cash
receipts?
Established procedures for follow-up of "not sufficient
funds” checks?
If checks are forwarded to be used as posting media
to customers' accounts, are there controls to ensure
checks are returned promptly for deposit?
If payments are made in person, are receipts
controlled by cash register, pre-numbered receipts, or
other equivalent means?
Receipts accounted for and balanced to collections
records daily?
Pre-numbered forms accounted for, including a
record of voided forms?
Yes
No
N/A
Comments
Page 3 of 9
6/1/15
Cash, Petty Cash, Change Funds, and Credit Cards
B.
28.
29.
Procedural Controls:
Facilities for protecting undeposited cash receipts?
Records maintained to assure correct handling and
final disposition of items held in suspense?
30. Suspense accounting eliminated by direct deposit of
money to the correct fund, as much as possible?
31. Delay of deposits avoided by making sure fund
distribution is immediately determinable?
Do disbursements procedures provide for the following:
32
Control over warrant, sight draft, or check-signing
machines, as to signature plates and usage?
33
Procedures providing for immediate notification, as
applicable, to banks, Treasurer, and Controller, when
warrant, sight draft, or check signers leave the unit or
are otherwise no longer authorized to sign?
34
Furnishing invoices and supporting documents to the
signer prior to signing the warrant, sight-draft, or
check, to help assure funds are disbursed only for
authorized purposes; and to help ensure laws, rules,
and regulations are followed?
35
Setting reasonable limits on amounts payable by
facsimile signature?
36
Requiring two signatures on warrants, sight drafts, or
checks over a stated amount?
37
Maintaining signature plates in the custody of the
person whose facsimile signature is on the plate,
when the plate is not in use?
38
Using plates only under the signer's control and
recording of machine reading by the signer or an
appropriate designee, to ascertain all signed
warrants, sight drafts, or checks are properly
accounted for by comparison to document control
totals?
39. Direct delivery to the mail room of signed warrants,
sight drafts, or checks, making them inaccessible to
persons who requested, prepared, or recorded them?
40. Prohibiting the drawing of warrants, sight drafts, or
checks to "cash" or "bearer"?
41. Controls to ensure all payments are made on a timely
basis and in accordance with all purchase orders and
contracts?
42. Controls to ensure duplicate payments are not
made?
43. Are original invoices (no copies) totaling the amount
of the disbursement attached to each voucher before
payment?
44. Controls to ensure each cash disbursement is
properly vouchered and approved by the proper
authorities before the disbursement occurs?
Do custody procedures provide for the following:
45. Maintenance of controls over the supply of unused
and voided warrants, sight drafts, or checks?
46. Do the custodian and a responsible supervisor
perform monthly physical inventories of blank stock?
Yes
No
N/A
Comments
Page 4 of 9
6/1/15
Cash, Petty Cash, Change Funds, and Credit Cards
B.
47.
Procedural Controls:
Proper authorization of bank accounts or rotary
accounts?
48. Periodic reviews of and formal reauthorization of
depositories?
49. Controls and physical safeguards surrounding petty
cash funds?
50. Maintenance of fidelity insurance coverage?
51. Maintenance of separate bank accounts for each
fund, or if not, fund control over pooled cash?
Do detail accounting procedures include the following:
52. Procedures ensuring collections and disbursements
are recorded accurately and promptly in the correct
fund or account?
53. Procedures for authorizing and recording inter-bank
and inter-fund transfers and providing for proper
accounting for those transactions?
Do general ledger procedures provide for the following:
54. General ledger control over all bank accounts?
55. Delivery of bank statements and paid warrants, sight
drafts, or checks in unopened envelopes directly to
the employee preparing the reconciliation?
Do general ledger procedures include the following steps,
which are essential to an effective reconciliation?
56. Comparison of warrants, sight drafts, or checks in
appropriate detail with disbursement records?
57. Examination of signature and endorsements, at least
on a test basis, to determine forgeries, alterations,
improper endorsement?
58. Accounting for numerical sequence of warrants, sight
drafts, or checks used?
59. Comparison of book balances used in reconciliations
with balances in general ledger accounts?
60. Comparison of deposit amounts and dates with cash
receipt entries?
61. Footing of cash books?
62. Review and approval of all reconciliations and
investigation of unusual reconciling items by an
official not responsible for receipts and
disbursements, including recording evidence of the
review and approval, by signing the reconciliation?
63. Periodic investigation of checks outstanding for a
considerable time?
Yes
No
N/A
Comments
Page 5 of 9
6/1/15
Cash, Petty Cash, Change Funds, and Credit Cards
PETTY CASH/CHANGE FUNDS
Example Segregation of Duties Control Questions:
A.
1.
2.
3.
4.
Segregation of Duties:
Is the custodian of the petty cash and/or change fund
prohibited from handling more than one fund or other
cash receipts?
Are the reimbursement vouchers approved by a
responsible employee who does not have direct
access to the petty cash?
Is the frequency of petty cash fund replenishments
monitored by someone other than the fund
custodian?
Are the depositing, reconciling and recording of the
office/department/s receipts/collections done by
someone other than the custodian of the petty cash
and/or change funds?
Yes
No
N/A
Comments
Yes
No
N/A
Comments
Example Procedural Controls Questions:
B.
Procedural Controls:
Is the petty cash and/or change fund:
1.
Properly authorized?
2.
The responsibility of only one person?
3.
Controlled by an imprest system?
4.
Are petty cash vouchers signed by the person
receiving the cash?
5.
Are petty cash vouchers prepared in ink and required
for each disbursement?
6.
Are petty cash vouchers supported by an invoice with
the amounts and purpose spelled out?
7.
Are the vouchers and attachments properly canceled
to prevent their reuse?
8.
Are surprise counts used to verify petty cash and/or
change funds?
9.
Are IOUs, unauthorized advances, and personal
checks prohibited?
10. Are petty cash funds disbursements limits
established?
11. Are reimbursements made payable to the petty cash
fund custodian?
12. Are petty cash and/or change fund balances for the
activity's needs? (Curt comments this is not very
clear.)
13. Are deposits reconciled to a control (i.e. cash register
tape)?
Custody:
14. Is the physical access to the petty cash and/or
change funds restricted to only those people who
have authority for its use?
15. Are petty cash and/or change funds physically kept in
a locked container at all times to safeguard the funds
against theft?
Page 6 of 9
6/1/15
Cash, Petty Cash, Change Funds, and Credit Cards
CREDIT CARDS
Example Segregation of Duties Control Questions:
A.
1.
2.
3.
Segregation of Duties:
Is the responsibility to process a credit card payment
segregated from the processing of a void?
Is the responsibility to process a credit or refund
segregated from the payment processing function?
Is the responsibility to reconcile credit card payments
segregated from processing payments, voids, credits
and refunds?
Yes
No
N/A
Comments
Example Procedural Controls Questions:
B.
Procedural Controls:
NOTE: All entities should have strict security controls over
credit card usage to mitigate risks. Merchant fees are
based on the security procedures an organization has in
place to prevent fraud.
When credit cards are accepted in face-to-face
transactions:
1.
Is the amount reviewed to ensure the dollar amount
charged is correct before the transaction is
electronically submitted for approval?
2.
Is the name on the credit card and the last four digits
of the account number compared to the data on the
printed receipt?
3.
Is the customer’s signature on the sales receipt
compared to the signature on the back of the card?
4.
Is the name on the credit card verified against other
personal identification in the possession of the user
such as a photo ID?
5.
Do only the last four digits and the expiration date
appear on the cardholder’s copy of the printed
receipt?
6.
If the credit card magnetic strip cannot be read, are
there procedures for manually entering the credit
card information?
7.
If the card is declined, are there documented
procedures for another acceptable form of payment?
When credit cards are accepted over the telephone or by
mail order:
8.
Is the address verified by the person accepting the
order? (Entity should have access to an Address
Verification Service (AVS) which will verify the user’s
complete address when the credit card account
number and zip code are entered.)
9.
Is the 3 digit security number used to verify the card
owner? Note: if this security number is not checked,
it may cause your merchant rate to increase.
Yes
No
N/A
Comments
Page 7 of 9
6/1/15
Cash, Petty Cash, Change Funds, and Credit Cards
B.
10.
Procedural Controls:
Are there procedures to ensure the document
transaction includes the entity’s identifying number
(invoice number or license number) and the entity’s
customer service number?
When credit cards are accepted over the Internet:
11. Is the amount charged populated based on the
customer’s selection?
12. Does the web site adhere to fraud prevention
measures? (For example, Address Verification
Services, Card Validations Codes or other fraud
prevention tool available from the issuing bank.)
Credit card deposits and settlements:
13. Do credit card transaction deposits meet the
requirements for your agency and state?
14. Are the daily receipts totals from all credit card
processing devices printed and used to settle
transactions for each business day?
15. Are the daily receipt transactions for each business
day reconciled in a timely manner?
(Recommendation: reconciliation should be
completed on a daily basis for each day transactions
are created. At a minimum, reconciliation should be
completed on a weekly basis.)
16. Are variances investigated in a timely manner and
reasons for the variance documented?
Credit card reconciliations:
17. Are employees trained to know when the settlement
cut-off time occurs in order to correctly reconcile the
daily transactions?
18. Are total credit card receipts reconciled on a daily
basis to the total dollar value sold? (For example,
total dollar amount reconciled to number of licenses
issued via credit cards.)
19. Are the amounts reconciled on a day-by-day basis to
a statement from the bank servicing the credit card?
20. Are the credit card amounts reconciled on a day-byday basis to a merchant statement which also lists
merchant fees?
21. Are the credit card amounts reconciled to state
treasury documentation?
22. Are reconciliations identified in the previous
questions completed in a timely manner in order to
meet agency needs and good business practice?
23. Are there documented procedures for employees to
follow when credit card receipts do not reconcile to
the statements identified in the previous questions?
24. When appropriate, are credit card receipts used to
reconcile a reduction in inventory?
Credit card refunds:
25. Is the refund policy clearly displayed or
communicated to the customer at the time of the
initial transaction?
Yes
No
N/A
Comments
Page 8 of 9
6/1/15
Cash, Petty Cash, Change Funds, and Credit Cards
B.
26.
Procedural Controls:
Are credit card refunds issued in a timely manner,
i.e., as near as possible to the date of the original
transaction?
27. Is there appropriate documentation on file with the
credit card refund? (Example: documented reason
for the refund, was the original entry verified, was the
refund made according to the organizations timeline
for refunds.)
28. Are credits issued to the same credit card used in the
original transaction?
29. Are there documented procedures for employees to
follow if the original credit card has been cancelled or
expired?
Credit card chargebacks:
30. Are procedures documented for processing disputed
and/or cancelled transactions?
Safeguarding credit card records:
All entities accepting credit cards for payment must be in
compliance with Payment Card Industry (PCI) standards.
More information about these standards can be found at:
https://www.pcisecuritystandards.org/
Yes
No
N/A
Comments
Due to the width and depth of these standards, they are not
addressed in this document but each organization should
take appropriate steps to ensure compliance with the
standards.
31. Does the entity have documentation to show they are
PCI compliant?
32. Has the entity submitted the Self-Assessment
Questionnaire (SAQ) to their merchant bank?
Note: In October 2008, PCI issued new SAQ’s which can
be found at:
https://www.pcisecuritystandards.org/saq/index.shtml
Page 9 of 9
6/1/15